Abstract
Usage Control policies have been introduced to overcome issues related to the usage of resources. Indeed, a Usage Control policy takes into account attributes of subjects and resources which change over time. Hence, the policy is continuously enforced while an action is performed on a resource, and it is re-evaluated at every context change. This makes it possible to revoke access to a resource as soon as the new context violates the policy. The Usage Control model is very flexible, and mutable attributes can also be exploited to make a decision based on the actions that have been previously authorized and executed. This paper presents a history-based variant of U-XACML policies composed via process algebra-like operators in order to keep track of past actions performed on resources by the subjects. In particular, we present a formalization of our idea through a process algebra and the enhanced logical architecture to enforce such policies.
This work was partially supported by the FP7 EU-funded project Confidential and Compliant Clouds, Coco Cloud [GA #610853], the H2020 EU-funded project European Network for Cyber Security, NeCS, [GA #675320], the EIT-Digital MCloudDaaS project and HII on Trusted Cloud Management project.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Martinelli, F., Matteucci, I., Mori, P., Saracino, A. (2016). Enforcement of U-XACML History-Based Usage Control Policy. In: Barthe, G., Markatos, E., Samarati, P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham. https://doi.org/10.1007/978-3-319-46598-2_5
DOI: https://doi.org/10.1007/978-3-319-46598-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46597-5
Online ISBN: 978-3-319-46598-2
eBook Packages: Computer Science, Computer Science (R0)